Should I worry about CPU and GPU malware when buying on eBay?

Discussion in 'Mac Pro' started by Stoodioratt, Apr 1, 2018.

  1. Stoodioratt macrumors newbie

    Joined:
    Apr 1, 2018
    Location:
    Brooklyn
    #1
    I looked for some info on this, but haven’t really found anything...maybe that answers my question, lol

    But...

    I have an early 2009 4,1 2.26 GHz 8 core Mac Pro. I’m upgrading the CPUs and graphics card.

    I bought CPUs as an “upgrade kit” so I wouldn’t have to delid. I also bought a GTX 980 GPU that was flashed for Mac to have a boot screen.

    Both sellers (eBay) had high number 100% feedback.

    Is it likely that people are putting malware on these?

    Am I paranoid?

    Can I protect or test the pieces?

    Is there safeguard in place that I’m not aware of?

    Appreciate any help/wisdom/schooling.
     
  2. Longkeg macrumors regular

    Joined:
    Jul 18, 2014
    Location:
    S. Florida
    #2
    You’re probably being a little bit paranoid... but you never know.

    It seems like a lot of effort for a very small return. Think about it. Is somebody really going to take the time to flash malware onto individual hardware components to exploit a very small collection of older machines? Upgrades such as you describe are not that common. Most people just buy new devices. There are much easier ways to hack computers.
     
  3. Stoodioratt thread starter macrumors newbie

    Joined:
    Apr 1, 2018
    Location:
    Brooklyn
    #3
    Thanks.

    I would tend to agree with you, seems like a lot of hassle not to mention the direct link back to where it came from but wanted to ask the community before I potentially did something dumb.
     
  4. Fishrrman macrumors P6

    Fishrrman

    Joined:
    Feb 20, 2009
    #4
    Questions:
    "Is it likely that people are putting malware on these?
    Am I paranoid?"


    Answer:
    Yes.
     
  5. v3rlon macrumors 6502a

    Joined:
    Sep 19, 2014
    Location:
    Earth (usually)
    #5
    You cannot put malware on a CPU for Mac/PC. That just won't work.
    I haven't heard of any being deployed through the GPU firmware either. I would worry more that it spent time slaving in a cryptocurrency mine before being sold. Or, do you meet the power requirements?

    Now, to flash a 2009 to 2010+ so you can use HDMI audio and stuff, there is a program that might be downloaded, USB, or what have you. If you are concerned, go right to the source and download it yourself. There are numerous threads here at MacRumors alone. I'd post a link, but why should you trust me more than the guy you are paying to deliver a product to you?
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    mal·ware
    ˈmalwer/
    noun
    COMPUTING
    software that is intended to damage or disable computers and computer systems.

    By definition, there is no such thing as malware on a CPU or GPU, which is hardware. The only macOS malware in the wild is avoidable by being careful what software (not hardware) you install.
    Not so much paranoid as somewhat uninformed.
     
  7. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #7
    I don't think OP should worry, but your premise is incorrect. Most (all?) modern computer hardware also has onboard firmware, which is programmable software. And while I'm personally not aware of any malware in a CPU or GPU, malware has been used in "hardware" like a motherboard and a hard drive.

    Indeed there is even a proof of concept for firmware malware on Macs that Apple had to provide a security update for.
     
  8. bsbeamer macrumors 68000

    Joined:
    Sep 19, 2012
    #8
    If buying individual parts for 4,1 or 5,1 personally would not be too concerned. Try to stick with sellers that specialize as Apple resellers, or build custom BTO 4,1/5,1 machines if you can. If buying whole machines for parts, would suggest immediately taking all drives out and wiping them at the top level.

    Look for lots of eBay feedback over years, not just a 100% rating. I'd trust a seller with a negative comment or two that has been around for a while and remedies the situation more than a 100% feedback rating.

    Places like OWC are expensive, but reasons like this concern are why some people buy from them...

    Apps like Little Snitch may help ease your mind, but that is only really at the OS level. You'd need to monitor your modem at the ISP level to really check incoming/outgoing connections if you're concerned about malware phoning home, stealing information, or hacking your machine via mining, etc.

    Also worth asking, are you upgrading your 4,1 > 5,1 via the usual firmware hack everyone seems to use? If so, that technically could expose you to more risk unless you are writing the code and execution yourself. Make sure you're downloading the authentic version and minimize the risk at that level.

    Are you using an EFI modded GPU that is not authentic or stock? Again, technically could expose you to more risk since you do not know what was done to it. You could consider purchasing a brand new GPU directly from NVIDIA or AMD to minimize that risk.
     
  9. Stoodioratt, Apr 2, 2018
    Last edited: Apr 2, 2018

    Stoodioratt thread starter macrumors newbie

    Joined:
    Apr 1, 2018
    Location:
    Brooklyn
    #9
    I am and was concerned about that as well.

    Yes it's a GPU that has been modded. That concern was the reason for the initial post.

    Prob should have bought the OWC choice, but I was tempted by the more powerful GTX 980 for $50 more.
     
  10. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #10
    Y'all got any more of those $50 GTX980s???
     
  11. Stoodioratt thread starter macrumors newbie

    Joined:
    Apr 1, 2018
    Location:
    Brooklyn
    #11
    Lol...I meant $50 more. Good catch!
     
  12. bsbeamer macrumors 68000

    Joined:
    Sep 19, 2012
    #12
    If you're truly concerned about the GPU, would suggest to stick with stock non-modified GPUs. GTX 10XX series work fine in Mac Pro 4,1 & 5,1 with the right power cables, or find an authentic EVGA GTX 680 Mac Edition if you need EFI, or make one of the newer AMD cards work.

    NVIDIA directly sells the Founders Edition cards without markup when they are in-stock:
    https://www.nvidia.com/en-us/geforce/products/10series/geforce-store/
     
  13. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #13
    Firmware is not hardware. It is software.
    firm·ware
    ˈfərmwer/
    noun
    COMPUTING
    permanent software programmed into a read-only memory.
     
  14. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #14
    Well no ****, that was my entire point. Graphics cards have firmware, which is software, which is why they can have malware.
     
  15. GGJstudios, Apr 2, 2018
    Last edited: Apr 2, 2018

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    Malware doesn't affect hardware, only software, which is what I originally stated. There is no malware in the wild that can affect Mac CPUs or GPUs.
     
  16. ActionableMango macrumors G3

    ActionableMango

    Joined:
    Sep 21, 2010
    #16
    Actually, you said this:

    By definition, there is no such thing as malware on a CPU or GPU, which is hardware.

    You can't really say GPUs cannot have malware by definition due to them being hardware, since they are in fact both hardware and software. Even CPUs have software on them, called microcode, which can also be changed by an updater.
     
  17. Stoodioratt thread starter macrumors newbie

    Joined:
    Apr 1, 2018
    Location:
    Brooklyn
    #17
    The seller I bought the GPU from on eBay has been around for 7-8 years selling these cards (may or may not be someone known around here). I feel pretty solid about it. Prob just gonna go for it. Thanks for all the help here.
     
  18. orph macrumors 68000

    orph

    Joined:
    Dec 12, 2005
    Location:
    UK
    #18
    Unless you're on an NSA list in America or something, you're safe.
    https://www.cnet.com/news/nsa-planted-surveillance-software-on-hard-drives-report/
    https://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/

    NSA has been sticking stuff on the ARM chips or USB controller chips etc.

    There have been a few stories about this, but no, no one will do it to you as you're not worth their time.
    But I'd think twice about buying a "pre-installed OS drive" (HD/SSD) from eBay (or any dodgy copy of Windows from somewhere like eBay).

    But yes, buying a used CPU/GPU is fairly safe, and most of the time if there was to be anything it will be targeted at Windows, so it may not even work in OS X.

    You're more likely to be sold a GPU that's been mining 24/7 for a few years at 80C than being spied on.

    PS: but don't worry, China will spy on you too
    https://www.engadget.com/2017/11/30/homeland-security-claims-dji-drones-spying-china/
    etc
     
  19. Mockletoy macrumors regular

    Mockletoy

    Joined:
    Sep 26, 2017
    Location:
    Kansas City, MO
    #19
    If the NSA were going to put some sort of super-advanced custom badness into GPUs, I'm pretty sure they wouldn't be interested in selling them to random folks on the internet. They'd be doing everything they could to get those GPUs into the hands of specific juicy targets.

    What you're worried about, even if it were possible, would entail a great deal of effort and time on the part of the perpetrator, and to what end? To infiltrate some old, nearly-obsolete Mac owned by some nobody they have no interest in?

    When someone like you or I messes around with a video card's BIOS, there is an extremely limited set of options available to us. The end result of tweaking those options is the same firmware with different options set. It'll either work or it won't work, but changing a GPU's BIOS to do new and interesting things the manufacturer never intended it to do, and having the card still appear to work normally in all other respects, that sounds like science fiction to me. Doing it to a CPU seems even more problematic.
     
  20. orph macrumors 68000

    orph

    Joined:
    Dec 12, 2005
    Location:
    UK
    #20
    Well, I meant it as a half joke; it is possible, but no, it won't happen really.

    What they do is stop your post on the way to you and then add their special touch, then get it sent on. There's no way to tell, but it won't happen to you; you're more likely to install malware yourself.

    I think the Intel Spectre bug may let someone install something onto the CPU.

    But no, it won't really happen unless you're a data center or Trump etc.
     
